how good is the XP firewall

David R.

Leythos said:
...

Most applications can now create exceptions for their own use, many
applications do it, and users have no clue.

...

Sorry, but that is not true. The exception list (or any setting in regards
to the XP-Firewall) can only be changed while logged on as administrator.
Programs running under a normal user account (or even the user himself)
can't change ANYTHING in the settings of the XPF. So if you have seen these
problems, I ask you why the hell are you working with an administrator
account? It's one of the first things that every professional learns in
regards to security, that you should NEVER EVER work with an account that
has administrator access. Only use that to configure the system, nothing
more.
 
Husky

> if you *really* want a solution for viruses, get Linux. it's another OS

A myth. The reason linux boxes aren't a problem is because virii go after the
primary OS worldwide and that's windows.
If the OS can run a program, it can run a virus or a Trojan. No one's building
viruses for linux cause it's such a small minority of the usage.

> Ken, just so you know... windoze ITSELF is insecure... even the xpsp2
> firewall sucks, it doesn't stop everything, and many of the things it doesn't

No disagreement, I switched from ZA to Trend's built-in everything firewall,
virus, spam filters etc.. It's caught everything.
And then there's the 24 hour FREE email support.
I can only hope they don't change policies and follow the others to bring in
more cash by selling the system in bits and pieces. 24.95 for firewall, 24.95
for spam protection, 24.95 for virus protection. with FREE hourly updates.

> stop can be damaging to your computer. also, if you want to access an ftp
> server, you always have to disable the firewall before you can do so. using
> something like Kerio saves you from having to continuously open the firewall
> settings, disabling it, and then enabling it again, because all you get is a
> program-generated popup asking if you want to allow the outgoing connection
> once, or if you want to allow it all the time.

Or you can switch to Trend. And not mess with any popups.

> disabled), and when i tried to uninstall it, the uninstaller froze and i had
> to re-format and re-install everything. i also tried installing NVidea
> drivers on a non-NVidea card, xp messed up. installed IIS so i could run an

XP Messed up? You tried to install incompatible software and the OS messed up?

> ftp server, xp messed up. changed IE settings, IE messed up. think about
> those for a while, before you start again to talk about how good windoze is.
> note: i have made *many* changes to my Linux box running Mdk (Mandrake), and
> nothing's gone wrong so far.

I use windows because the Amiga is no longer supported, and the Macintosh is
just hanging on. Both systems are superior to windows in every way. But I'd no
more consider them, linux, or C= 64, than buying wooden wheels.

Did you use the www.grc.com link and see just how vulnerable you really are
with your "not being concerned about outgoing traffic" attitude?

Did you learn anything from the www.dshield.org link?
 
Michael Solomon \(MS-MVP\)

And besides, he screws up all our fun with all that logic stuff!:)

I have to agree with a lot of what Walter says because it's self-evident.
It doesn't happen as often now, perhaps because users are more experienced.
However, we used to see tons of posts from people with no experience with
firewalls who installed them for the first time asking for information about
what they should allow and what they should block.

It's not that difficult to figure out but it does take time before you
understand what things should have access or to be more precise are
relatively benign, hence no harm in allowing them versus things which you
might not recognize and need to do some research.

Of course, that opens another can of worms, if you allow something, even
something you understand and realize is necessary for you to be able to
access most websites or do so without being shortchanged on what you are
able to view at most websites, is it not possible that any one of those
things might be exploited and the answer is yes.

That said, I think I would rather know when there is outgoing information.
If something is going to try such an exploit, it probably would trigger your
antivirus software and even if it was unable to stop the activity, this
would certainly give the user clear warning something is going on and given
the number of "always on" broadband connections, it gives the opportunity
for user intervention as you can very quickly pull the power plug on that
broadband modem and shutdown all activity.

So, I guess to some extent, it's a matter of personal taste whether or not
you are willing to pay the price in the beginning, not panic over the
inundation of alerts of outgoing connections and wish to take the time to do
a little research. There is an upside to that research. You will learn a
lot about your PC, you'll learn a lot about various services, what they do,
what they mean and you will eventually become familiar enough that you will
likely recognize if something strange or unfamiliar is trying to access the
Internet and take appropriate action to stop it until you find out what it
is and what it's all about.
--
In memory of our dear friend, MVP Alex Nichol.

Michael Solomon MS-MVP
Windows Shell/User
https://mvp.support.microsoft.com/communities/mvp.aspx
Backup is a PC User's Best Friend
DTS-L.Org: http://www.dts-l.org/
 
Guest

[...]
And the challenge for those that are "in the know", can you guarantee that
it is utterly impossible to compromise the outbound scanner? Hint: MD5 is
compromised; piggy backing; proof of concepts already exist to compromise
any client side firewall you care to name some of which have been addressed
and some of which haven't; I can and have hand killed a firewall and had
unfettered access...

I have used lots of arguments against third party firewalls, but never this
one because I don't have first hand knowledge that any outbound scanner has
been compromised. However, it seems to me that if the crudware gets on your
machine, you are already screwed anyway and you can never trust your computer
again. If this ever happened to me, I would simply invest three or four
hours and do a clean reinstall, then figure out what the heck happened and
resolve never to allow it to happen again.
I'd leave ZA off unless you want to do the legwork to research polite code
that's attempting to reach out.

ZA has caused me more serious problems than this one, but I'll comment
anyway. Crudware never gets on my machine (I use far more effective
defenses than a third party firewall, which is actually no defense at all),
so by definition every outbound communication is legitimate and either
harmless or beneficial to me -- yet I am constantly prompted to decide
whether to allow some particular program to access the Internet.

Ken
 
Kelly

I hear you, Michael. But "we" know the value of Walter's words. And again,
it is always great to read them. Miss him, too! Beings many of the 'greats'
are still in Win98 and never showed via XP, am really starting to wonder if
they will surface during LH. :blush:(

--
In memory of our dear friend, MVP Alex Nichol: http://www.dts-l.org/

All the Best,
Kelly (MS-MVP)

Troubleshooting Windows XP
http://www.kellys-korner-xp.com
 
K

How does one change from an Admin. account to a Limited, for Email and Web
access and keep Desktop settings and programs installed under Admin?
K
 
Buddy

In response to Michael and Kelly, IMO the "we" Kelly refers to are deserving
of your level of insight and outlook and even an esoteric joke or two on us
fools who jump blindly into the sea of technology and try to get some of it
to work.

For example, I agree with Michael that it is important for an inexperienced
user to explore incoming and outgoing alerts and requests as a means to
learning. After using a college's computers for years with no
responsibilities or authority, I bought this big ol' PC four years ago and
jumped right in, reading Langa and Kelly's website, lurking on forums like
this one, asking questions of you experts, trying every type of security app
anybody recommended until at this point I have a security battery that seems
to work together and is set up to provide alerts to as much info as to what
is going on online as I can get, so far. Beyond that I also scan for malware
on a regular basis with a variety of tools that are supposedly faithful. I
have become very good at using applications of all kinds because I am a
skilled learner.

I am as diligent on a daily basis as I can be because I know, in relative
terms, I am always going to be inexperienced at many, many things. The thing
is, I didn't buy this PC to become a computer scientist, and as amazed with
technology and curious as I am to keep on top of advances, including threats
(I subscribe to more PC newsletters than I have time to read); and
understand all the neat processes, the raison d'etre of this PC is primarily
to do my work.

Inasmuch as there are probably many more people like me than there are
experts, as well as, I'll bet, a majority who will never even read a
newsgroup, there is a burden placed on all of us unnecessarily, I think.
Those of you who have expertise give plenty of yourselves on these forums
and newsgroups with endless appreciation from us "...for Dummies" readers. I
myself, a college grad, have to research, often endlessly, for simple
answers (once they are found) to solve what are sometimes huge obstacles
hampering computing, and I am a pretty good researcher. In my opinion it is
the responsibility of the Microsofts, Apples, Mozillas, etc. to employ
educators more effectively--not just scientists and programmers, but
educators that could work on ways to use this enormous tool more
educationally effective.

I can think of as many ways computing for the layman could be made more
simple and more safe as there are problematic situations that appear out of
the blue, and all of them center on getting the right information to the
user more effectively. I can't help but be amazed that a photographic
process that used to take hours in a color lab is now accomplished with a
few mouseclicks, but frustrated that those answers that it takes so much
work to find about this PC could also be a few clicks away if links to them
were always automatically provided in pace with the problematic processes.

One good example is the user you describe who gets alerts but doesn't know
what to do with them: following the "INFO" tab in ZoneAlarm after an alert
is, more often than not, meaningless. What good is that alert to me when I
am busy in the middle of a job if ZA can't even explain it? Like you say,
that may be just a repeat alert that has come up benignly in the past, but
today it may have turned deadly. Why can't I right-click on ANYTHING and be
connected to an "answer-machine" that has been set up by a department of
educational experts cooperating with scientists so I can solve a problem
right now? An alert that says "explorer.exe wants to act as a server" should
be right-clickable for an immediate answer, and not from ZA's programmers,
but from an MS department-- and for safety, analyzed right there for viruses
that are trying to spread. In my mind Microsoft gets paid well enough to
accept that responsibility.

Then, why not, "you had a worm because of a buffer overflow and both have
been fixed", or "You have a buffer overflow, (or whatever), click here to
fix it. If you're not a server, forget it. If it messes anything up you can
toggle it on and off as necessary by clicking here" instead of "go to MS
KB 43298056 and read the whole page to see if this only applies to beige PCs
on a LAN with an orange-colored router v. l.3.3.345. Don't know the
version?--get out your manual...". The flow of information needs to follow
levels: Basic first, maybe quick; difficult if you need it. So I can be safe
and still get some work done.

Simplicity and redundancy should be the goal of technology, not
complication. Maybe so long as every new buffer overflow spawns a new
industry, the status quo will self-perpetuate. No matter what, experts like
you all will always be needed that are able to see the larger picture,
because guys like me are trying, but are resigned to barely keeping up
because even brilliant scientific innovators cannot be expected to be
specialists in teaching us the stuff on levels that universally apply.

Buddy
 
Husky

> One good example is the user you describe who gets alerts but doesn't know
> what to do with them: following the "INFO" tab in ZoneAlarm after an alert
> is, more often than not, meaningless. What good is that alert to me when I
> am busy in the middle of a job if ZA can't even explain it? Like you say,

That's one of ZA's drawbacks. I can hand you my daily logs, I average maybe
1-2000 hits a day.
On average only about 5 or 6 of those can be classified as malicious.
I used to use ZA. It's got hundreds of bells and whistles. And there's no
disagreement that it has a very simple user interface and even simpler setup.
Making it ideal for beginners with firewalls.
Trouble is when you're only getting maybe 5 or 6 attempts daily to access your
machine, and those may be attempting to access a number assigned previously
IOW: false attacks also, on dial up if you follow even one of ZA's alerts,
that's most likely overkill on your part.
But ZA is ultra programmable by the user so you can put those alerts on ignore.
Making ZA worthwhile as a firewall.
And if you want a report on this, add www.dshield.org to your paranoia arsenal
and help those that don't believe in firewalls or don't think they need one.

> that may be just a repeat alert that has come up benignly in the past, but
> today it may have turned deadly. Why can't I right-click on ANYTHING and be
> connected to an "answer-machine" that has been set up by a department of
> educational experts cooperating with scientists so I can solve a problem
> right now? An alert that says "explorer.exe wants to act as a server" should
> be right-clickable for an immediate answer, and not from ZA's programmers,
> but from an MS department-- and for safety, analyzed right there for viruses
> that are trying to spread. In my mind Microsoft gets paid well enough to
> accept that responsibility.

Read above, most of those alerts you get aren't worth bothering with.
 
Michael Solomon \(MS-MVP\)

Yes, the goal of keeping it simple seems to have been lost over the years.
That and it seems the system designers have forgotten the greatest single
reason for devices such as PCs and virtually all modern appliances,
"convenience."

We don't purchase a PC to work on it, we purchase a PC to work for us. If a
user wishes to work on it, there are plenty of options for the "backyard
mechanic" and he certainly can purchase a PC for whatever reason. However,
the primary reason these devices exist is to provide us with a convenience
and perform services for us.

That said, much as I agree with you about what should be done with regard to
errors, I think it is important to understand how difficult what you suggest
might be to put in place. First, there are often many things that can lead
to the same generic error. One of the reasons for the error reports is to
build a database of known issues and what applications, drivers, DLLs, etc.
might be involved. One, this gives Microsoft information about what it
needs to address and two, it alerts them to problem software or hardware.

And, therein lies the tail of the dog. Not to be argumentative and please
don't take anything I'm saying as disagreement with your primary premise as
I agree, what you say is how it should be. However, because the platform is
not generic and the multitude of hardware and software variations, heck an
OEM driver can differ from a retail driver for what is otherwise the same
device, the whole idea becomes extremely problematic.

When people talk about a Mac not having the same types of conflicts as the
PC and ask why the PC cannot match a Mac for stability they are speaking
either from ignorance or they are trolls looking to stir up an argument in
newsgroups such as these. The Mac has its legendary stability because Apple
keeps tight control over the platform. It's easier to write help files,
easier to write specific references with regard to errors, it's easier to
create drivers, write applications and maintain overall system integrity.

With a PC, I'm amazed sometimes that it works at all given all the different
hardware, software, chipsets, motherboards and on and on. That doesn't mean
I think the error reference handling for users cannot be improved, I'm just
stating the reasons why it's so difficult. Further, these are not closed
systems and when they attempted to sell such systems that could not be
upgraded, users rebelled and wouldn't buy them.

Then, there's the cost/price benefit which in and of itself has exacerbated
the very issues of which you speak. While manufacturer's have used all
sorts of schemes to lower their costs, everything from not supplying the
user with a CD of the OS to using cheap parts suppliers who may not be as
well schooled in writing drivers or as good about maintaining and updating
their drivers, one of the single greatest causes of problems on a PC, they
have nonetheless, used these cost benefits to lower the price and that has
turned the PC into a mass market item and frankly, the PC is too complex for
that. And, that exacerbates the problem, making user error a major cause of
problems as well.

In addition, there are all sorts of applications that can help the unwary
user get into a lot of trouble, all sorts of utilities, registry cleaners,
utilities that modify files or make modifications to the setup, all of which
are things over which Microsoft has no control and would be virtually
impossible for them to anticipate and, as such, write a useful response.
Hence, we have things such as System Restore which is sort of a catch all
but basically is meant to restore system settings and the registry, a repair
install, something the user only has if they have a retail CD or an OEM that
is equivalent and identical to a retail CD and the recovery console which is
not only too complicated for most users but often requires access to help
files and explanations that can only be had if the system is booted...in
other words, useless if they can't boot, yet, that is the primary reason for
its existence. That one, Microsoft can control and I expect it will improve
in future iterations of Windows.

I agree almost totally with what you see as problems and certainly see the
value of the types of responses you have outlined, some of which can be
implemented. Unfortunately, I think you and many others would still find
the system woefully lacking because of all the variables that cannot be
anticipated.

You don't need to be a mechanic to drive a car. Unfortunately, we have not
quite gotten to the point where you truly need no computer knowledge in
order to operate a PC. A user may start out that way but, eventually, the
very nature of the system, updates, upgrades, etc. will eventually catch up
with them.
--
In memory of our dear friend, MVP Alex Nichol.

Michael Solomon MS-MVP
Windows Shell/User
https://mvp.support.microsoft.com/communities/mvp.aspx
Backup is a PC User's Best Friend
DTS-L.Org: http://www.dts-l.org/
 
Kelly

Wow, you are some writer, Buddy. :blush:) As for the "we" only meant that
Walter isn't known in the XP groups. Nothing harmful or insulting from it,
was my intention.

--

All the Best,
Kelly (MS-MVP)

Troubleshooting Windows XP
http://www.kellys-korner-xp.com
 
sf

> Beings many of the 'greats'
> are still in Win98 and never showed via XP, am really starting to wonder if
> they will surface during LH. :blush:(

You mean PCR, Terhune, Colorado et al? They're really great guys and
a lot of fun to be around... PA Bear rears his head both here and
there, I see! I'm looking forward to getting to know you all in XP...
they're donning their "radiation suits" in honor of my passing over
from 98 to XP, but if I mind my manners... they say they'll still let
me post there too.

sf
<wondering what LH is>
 
sf

> Yes, the goal of keeping it simple seems to have been lost over the years.
> That and it seems the system designers have forgotten the greatest single
> reason for devices such as PCs and virtually all modern appliances,
> "convenience."
>
> We don't purchase a PC to work on it, we purchase a PC to work for us. If a
> user wishes to work on it, there are plenty of options for the "backyard
> mechanic" and he certainly can purchase a PC for whatever reason. However,
> the primary reason these devices exist is to provide us with a convenience
> and perform services for us.

Thanks, Michael! Now can you inform all the makers of remote controls,
telephones (I have one where I can't screen calls or access the
mailboxes), video recorders etc about this? Apparently they got a
memo saying that all users will have a technical engineering
background.

:)
sf
 
RoS

Right on Buddy! Remember 2001 and Hitch-Hiker? I know Hal turned out to be
a bad'un and Hitch, well....... But oh for the day when I'll be able to look
at the thing and say "Right, Chum, open that file with the bank stuff on it
and take some dictation, bring up those photos I started work on last
week - or was it the week before, have a dozen roses delivered to the lady
in my life and, oh yes, send a small, but lethal, plasma bolt through that
spammer who keeps making a pest of itself" and have it all done without any
interactive back chat from bits of silicon!
RoS
 
Michael Solomon \(MS-MVP\)

ROFLOL, I'll see what I can do!

Actually, I've been watching this aspect of telephones with some amusement,
whoops, amazement and those who have designed these new contraptions (Didn't
Don Ameche invent the first one, I'm sure I saw him do it in a movie?)
definitely seem to think the users have engineering degrees.

You know there's a problem when you hear users say, "Oh, I just let my kids
program the thing for me!"

Telephones used to be the simplest of devices, making them perennially one
of the most useful of "modern" conveniences. It's unfortunate we now have a
new category we can call "modern inconveniences" to which programmable
telephones certainly belong.

When I was growing up, I had a friend who was an airline pilot. They were
used to doing their calculations on sliderules and such. Then, computers
were brought into the mix and after a few hassles with them, he began
calling them "Confusers."

--
In memory of our dear friend, MVP Alex Nichol.

Michael Solomon MS-MVP
Windows Shell/User
https://mvp.support.microsoft.com/communities/mvp.aspx
Backup is a PC User's Best Friend
DTS-L.Org: http://www.dts-l.org/
 
sf

> he began calling them "Confusers."

:0

That's what my father calls a computer... and I thought it was his
invention all this time!


:)


"We must not let our rulers load us with perpetual debt. We must make our election between economy and liberty or profusion and servitude"

"If we run into such debt, as that we must be taxed in our meat and in our drink, in our necessaries and our comforts, in our labors and our amusements, for our calling and our creeds...we [will] have no time to think, no means of calling our miss-managers to account but be glad to obtain subsistence by hiring ourselves to rivet their chains on the necks of our fellow-sufferers. And this is the tendency of all human governments. A departure from principle in one instance becomes a precedent for another till the bulk of society is reduced to be mere automatons of misery.

"And the fore-horse of this frightful team is public debt. Taxation follows that and in its train wretchedness and oppression." - Thomas Jefferson - Author of The Declaration of Independence, Founding Father and Third U.S. President
 
sf

Excuse me, Hal wasn't bad, he was just programmed that way!:)

"I'm sorry Dave, I can't let you do that."
http://www.ee.ryerson.ca:8080/~elf/aso/


"We must not let our rulers load us with perpetual debt. We must make our election between economy and liberty or profusion and servitude"

"If we run into such debt, as that we must be taxed in our meat and in our drink, in our necessaries and our comforts, in our labors and our amusements, for our calling and our creeds...we [will] have no time to think, no means of calling our miss-managers to account but be glad to obtain subsistence by hiring ourselves to rivet their chains on the necks of our fellow-sufferers. And this is the tendency of all human governments. A departure from principle in one instance becomes a precedent for another till the bulk of society is reduced to be mere automatons of misery.

"And the fore-horse of this frightful team is public debt. Taxation follows that and in its train wretchedness and oppression." - Thomas Jefferson - Author of The Declaration of Independence, Founding Father and Third U.S. President
 
Michael Solomon \(MS-MVP\)

Terrific site, I'm a rather big fan of the film myself. My line about "HAL"
(which for those of you who don't know was an acronym formed from Heuristic
ALgorithmic which was a reference to the HAL 9000's ability to "learn" and
build on data from input) was a reference to the line in "Who Framed Roger
Rabbit?" "I'm not bad, I'm just drawn that way.":)
--
In memory of our dear friend, MVP Alex Nichol.

Michael Solomon MS-MVP
Windows Shell/User
https://mvp.support.microsoft.com/communities/mvp.aspx
Backup is a PC User's Best Friend
DTS-L.Org: http://www.dts-l.org/


sf said:
Excuse me, Hal wasn't bad, he was just programmed that way!:)

"I'm sorry Dave, I can't let you do that."
http://www.ee.ryerson.ca:8080/~elf/aso/


"We must not let our rulers load us with perpetual debt. We must make our
election between economy and liberty or profusion and servitude"

"If we run into such debt, as that we must be taxed in our meat and in our
drink, in our necessaries and our comforts, in our labors and our
amusements, for our calling and our creeds...we [will] have no time to
think, no means of calling our miss-managers to account but be glad to
obtain subsistence by hiring ourselves to rivet their chains on the necks
of our fellow-sufferers. And this is the tendency of all human
governments. A departure from principle in one instance becomes a
precedent for another till the bulk of society is reduced to be mere
automatons of misery.

"And the fore-horse of this frightful team is public debt. Taxation
follows that and in its train wretchedness and oppression." - Thomas
Jefferson - Author of The Declaration of Independence, Founding Father and
Third U.S. President
 
Frank Saunders, MS-MVP

Michael Solomon (MS-MVP) said:
Terrific site, I'm a rather big fan of the film myself. My line about
"HAL"
(which for those of you who don't know was an acronym formed from
Heuristic
ALgorithmic which was a reference to the HAL 9000's ability to "learn" and
build on data from input) was a reference to the line in "Who Framed Roger
Rabbit?" "I'm not bad, I'm just drawn that way.":)

I wish I could get a DVD of the long (more than 3 hour) version.

--
Frank Saunders, MS-MVP, IE/OE
Please respond in Newsgroup only. Do not send email
http://www.fjsmjs.com
Protect your PC
http://www.microsoft.com./athome/security/protect/default.aspx
http://defendingyourmachine.blogspot.com/
 